Group memberships or Department listing?

[kf0mlb]

Once a user is auth'd, is there a method to check group memberships or department assignments? I'm wanting to add different sections to my Flask app, but only display them or make them available based on group or departmental memberships.

Based on the OpenID specs linked on one of the docs, it doesn't look like department or group are passed when you auth.

[rayluo]

OpenID specs defines only a minimal set of claims for a signed-in user. It is up to your chosen Identity Provider to decide whether and how to expose more user info such as department or group. For example, this is how to customize tokens in Microsoft Entra ID.

And this identity library currently (0.9.x) exposes ID token as the context. You code can make decision based on those claims.

[kf0mlb]

Using the token provided by identity.web.Auth, I was able to make a second call to another endpoint and get the information I wanted about Group Memberships, after I added the API permissions to the App Registration.

[rayluo]

Sure, that can also work as long as there is a web api for it and you are OK with sending one more request for it.

BTW, what web framework do you use? If it is Flask, we have higher level api tailored for Flask.